DNS response fondling confounds security
Security bod Joel Land has reported zero-day holes in a popular model of Belkin router allowing attackers to yank cleartext credentials, spoof DNS responses, and pop admin interfaces. The Belkin N600 DB Wireless Dual Band N+ box released in 2012 and selling for around AUD$150 contains five vulnerabilities from slack randomness (CVE-2015-5987) to cleartext violations and cross-site request forgery (CVE-2015-5990). Land of the US CERT/CC says remote attackers could redirect Belkin owners to malici...